Multi-dimensional credentialing using veiled certificates

US 8,468,355 B2
Filed: 12/21/2009
Issued: 06/18/2013
Est. Priority Date: 12/19/2008
Status: Active Grant

First Claim

Patent Images

1. A method for creating veiled certificates, the method comprising:

requesting a certificate from a regulator by sending a message with a digital signature of the message signed by an owner, the message comprising the owner'"'"'s veiled certificate token, the veiled certificate token comprising an encrypted version of the owner'"'"'s identification data and the owner'"'"'s public key for the certificate, the message further comprising an identification public key, the message being encrypted using the regulator'"'"'s external public key;

validating the certificate request by verifying the sender'"'"'s identity through validation of the digital signature using the owner'"'"'s external public key and verifying the veiled certificate token has been created properly using the identification public key;

creating a veiled certificate by combining the veiled certificate token, identification public key, and digitally signing the veiled certificate with regulator'"'"'s private key, wherein the owner'"'"'s identification information is inaccessible from the veiled certificate, except to the certificate owner;

requesting a certificate from a second regulator by sending a message with a digital signature of the message signed by the owner, the message comprising the owner'"'"'s veiled certificate token, the veiled certificate token comprising the owner'"'"'s identification data and the owner'"'"'s public key for the certificate, the message further comprising the identification public key, the message being encrypted using the second regulator'"'"'s external public key;

validating the certificate request by verifying the sender'"'"'s identity through validation of the digital signature using the owner'"'"'s external public key and verifying the veiled certificate token using the identification public key; and

creating a second veiled certificate by combining the veiled certificate token, identification public key, and digitally signing the second veiled certificate with second regulator'"'"'s private key, wherein the owner'"'"'s identification information is inaccessible from the second veiled certificate, except to the owner.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with certain embodiments of the present disclosure, a method for creating a veiled certificate is provided. The method comprises requesting a certificate from a regulator by sending a message with a digital signature of the message signed by the owner. The message comprises an owner'"'"'s veiled certificate token, the veiled certificate token comprising an encrypted version of the owner'"'"'s identification data and the owner'"'"'s identification public key for the certificate. The message further comprises the identification public key, the whole message being encrypted using the regulator'"'"'s external public key. The certificate request is validated by verifying the sender'"'"'s identity through validation of the digital signature using the owner'"'"'s external public key and verifying the veiled certificate token using the individual'"'"' external public key. A veiled certificate is created by combining the veiled certificate token, identification public key and digitally signing the veiled certificate with the regulator'"'"'s private key, wherein the owner'"'"'s identification information is inaccessible from the veiled certificate, except to the certificate owner.

Citations

9 Claims

1. A method for creating veiled certificates, the method comprising:
- requesting a certificate from a regulator by sending a message with a digital signature of the message signed by an owner, the message comprising the owner'"'"'s veiled certificate token, the veiled certificate token comprising an encrypted version of the owner'"'"'s identification data and the owner'"'"'s public key for the certificate, the message further comprising an identification public key, the message being encrypted using the regulator'"'"'s external public key;
  
  validating the certificate request by verifying the sender'"'"'s identity through validation of the digital signature using the owner'"'"'s external public key and verifying the veiled certificate token has been created properly using the identification public key;
  
  creating a veiled certificate by combining the veiled certificate token, identification public key, and digitally signing the veiled certificate with regulator'"'"'s private key, wherein the owner'"'"'s identification information is inaccessible from the veiled certificate, except to the certificate owner;
  
  requesting a certificate from a second regulator by sending a message with a digital signature of the message signed by the owner, the message comprising the owner'"'"'s veiled certificate token, the veiled certificate token comprising the owner'"'"'s identification data and the owner'"'"'s public key for the certificate, the message further comprising the identification public key, the message being encrypted using the second regulator'"'"'s external public key;
  
  validating the certificate request by verifying the sender'"'"'s identity through validation of the digital signature using the owner'"'"'s external public key and verifying the veiled certificate token using the identification public key; and
  
  creating a second veiled certificate by combining the veiled certificate token, identification public key, and digitally signing the second veiled certificate with second regulator'"'"'s private key, wherein the owner'"'"'s identification information is inaccessible from the second veiled certificate, except to the owner.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising third party validation of the veiled certificate comprising:
    - validating the integrity of the veiled certificate by decrypting the digitally signed veiled certificate using regulator'"'"'s external public key; and
      
      verifying ownership of the veiled certificate, wherein none of owner'"'"'s identification data is provided to the third party.
  - 3. The method of claim 1, further comprising aggregating the first and second veiled certificates.
  - 4. The method of claim 3, further comprising third party validation of the aggregated veiled certificates comprising:
    - validating the integrity of the veiled certificates by decrypting the digitally signed veiled certificates using the regulators'"'"' external public keys; and
      
      verifying ownership of the veiled certificates, wherein none of owner'"'"'s identification data is provided to the third party.
  - 5. The method of claim 1, wherein the message further comprises a timestamp that specifies the lifetime of the veiled certificate.
  - 6. The method of claim 1, wherein the message further comprises additional evidence to prove credential worthiness, such additional evidence being removed when the veiled certificate is created.
  - 7. The method of claim 1, wherein the message further comprises an escrowed version of the private key corresponding to the identification public key embedded in the veiled certificate to aid in key management.
  - 8. The method of claim 1, wherein the message further comprises biometric information, such biometric information being present in the veiled certificate.
  - 9. The method of claim 8, wherein the biometric information comprises an iris scan, facial scan, hand geometry, palm print, finger print, retina scan, or other hard biometric data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
University of South Carolina
Original Assignee
University of South Carolina
Inventors
Kalvenes, Joakim, Huang, Chin-Tser, Gerdes, John H. Jr.
Primary Examiner(s)
Gelagay, Shewaye

Application Number

US12/643,364
Publication Number

US 20100185864A1
Time in Patent Office

1,275 Days
Field of Search

None
US Class Current

713/175
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 2209/88   Medical equipments

H04L 9/3213   using tickets or tokens, e....

H04L 9/3263   involving certificates, e.g...

Multi-dimensional credentialing using veiled certificates

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-dimensional credentialing using veiled certificates

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links